search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
turns printfs back on
[freebsd-src/fkvm-freebsd.git] / tools / regression / ipsec / ipsec.t
blob6446bf5869e39efc149510efbbf3e98726998355
1 #!/bin/sh
2 # $FreeBSD$
3 #
4 # IPsec regression test.
5 #
6 # This test sets up tunnels on the localhost (lo0) interface
7 # with various ciphers by using the setkey(8) command and then
8 # attempts to ping each end of the tunnel.
9 # The test says which pings worked and which failed.
10 #
11 # Expected Output: No failures
12
13 ipbase="127.255"
14 netif="lo0"
15 spi="10000"
16
17 echo "1..414"
18
19 #sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
20
21 ifconfig $netif alias ${ipbase}.0.1/24
22 ifconfig $netif alias ${ipbase}.1.1/24
23
24 i=1
25
26 for ecipher in \
27 des-cbc:12345678 \
28 3des-cbc:012345678901234567890123 \
29 blowfish-cbc:0123456789012345 \
30 blowfish-cbc:01234567890123456789 \
31 blowfish-cbc:012345678901234567890123 \
32 blowfish-cbc:0123456789012345678901234567 \
33 blowfish-cbc:01234567890123456789012345678901 \
34 blowfish-cbc:012345678901234567890123456789012345 \
35 blowfish-cbc:0123456789012345678901234567890123456789 \
36 blowfish-cbc:01234567890123456789012345678901234567890123 \
37 blowfish-cbc:012345678901234567890123456789012345678901234567 \
38 blowfish-cbc:0123456789012345678901234567890123456789012345678901 \
39 blowfish-cbc:01234567890123456789012345678901234567890123456789012345 \
40 cast128-cbc:0123456789012345 \
41 aes-ctr:01234567890123456789\
42 aes-ctr:0123456789012345678901234567\
43 aes-ctr:012345678901234567890123456789012345\
44 camellia-cbc:0123456789012345\
45 camellia-cbc:012345678901234567890123\
46 camellia-cbc:01234567890123456789012345678901\
47 rijndael-cbc:0123456789012345 \
48 rijndael-cbc:012345678901234567890123 \
49 rijndael-cbc:01234567890123456789012345678901; do
50
51 ealgo=${ecipher%%:*}
52 ekey=${ecipher##*:}
53
54 for acipher in \
55 hmac-md5:0123456789012345 \
56 hmac-sha1:01234567890123456789 \
57 hmac-ripemd160:01234567890123456789 \
58 hmac-sha2-256:01234567890123456789012345678901 \
59 hmac-sha2-384:012345678901234567890123456789012345678901234567 \
60 hmac-sha2-512:0123456789012345678901234567890123456789012345678901234567890123; do
61
62 aalgo=${acipher%%:*}
63 akey=${acipher##*:}
64
65 setkey -F
66 setkey -FP
67
68 (echo "add ${ipbase}.0.1 ${ipbase}.1.1 esp $spi -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
69 echo "add ${ipbase}.1.1 ${ipbase}.0.1 esp `expr $spi + 1` -m transport -E $ealgo \"${ekey}\" -A $aalgo \"${akey}\" ;"
70
71 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
72 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;"
73 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;"
74 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
75 ) | setkey -c >/dev/null 2>&1
76 if [ $? -eq 0 ]; then
77 echo "ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
78 else
79 echo "not ok $i - setkey ${ealgo} ${ekey} ${aalgo} ${akey}"
80 fi
81 i=$((i+1))
82
83 ping -c 1 -t 2 -S ${ipbase}.0.1 ${ipbase}.1.1 >/dev/null
84 if [ $? -eq 0 ]; then
85 echo "ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
86 else
87 echo "not ok $i - test 1 ${ealgo} ${ekey} ${aalgo} ${akey}"
88 fi
89 i=$((i+1))
90 ping -c 1 -t 2 -S ${ipbase}.1.1 ${ipbase}.0.1 >/dev/null
91 if [ $? -eq 0 ]; then
92 echo "ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
93 else
94 echo "not ok $i - test 2 ${ealgo} ${ekey} ${aalgo} ${akey}"
95 fi
96 i=$((i+1))
97 done
98 done
99
100 setkey -F
101 setkey -FP
102
103 ifconfig $netif -alias ${ipbase}.0.1
104 ifconfig $netif -alias ${ipbase}.1.1
FreeBSD kvm: FreeBSD sources